Kudos to AuthKit

by Uche Ogbuji

I spent some time the past couple of days wrestling with HTTP authentication for a WSGI atom store implementation. It's well known to be a tricky topic, and I went through a lot of bother, especially trying to figure out a Python WSGI library for HTTP auth that was clean, well-documented, and sported a flexible API that worked well across framework choices. I ended up using httplib2 for the client and decided on AuthKit on the WSGI server. I generally like to test my WSGI Web components with CherryPy, Pylons and raw Paste. In this case I didn't get around to Pylons, I was able to get raw paste working well with code along the lines of the bundled example http://authkit.org/trac/browser/AuthKit/trunk/examples/authorize.py. I was never able to get things working with CherryPy, and I'm not sure why. I ran out of time to debug further. It seems CherryPy doesn't like the HTTP status line sent by httplib2 with a www-authenticate response to a 401 using Digest authentication. I think this might have nothing to do with Authkit.

One problem I found with AuthKit is that I had to manually place ez_setup.py in the PYTHONPATH before the install would work. I might be doing something wrong, but this is not a problem I've had with other packages.

What Python tools do you use for your HTTP auth needs?


Sylvain Hellegouarch
2007-08-06 07:08:10
With CherryPy is use the builtin Digest/Basic tools which work perfectly well.

I am really intrigued about the problems you had with CherryPy and httplib2 since I've been using them for ages and they work great, even with an auth like that.

2007-08-07 08:10:27

The point is to use tools that I can reuse across frameworks. I hardly want to learn one set of each module per framework, which is why I'm glad to see WSGI modules come into their own.

As for the problem I had with CP, I'd also like to figure out whether it's a CP bug, an httplib2 bug or (even more likely) something I'm doing wrong. I hope I find time or help to figure that out soon.

Daniel Pronych
2007-08-07 14:35:45

I am using AuthKit right now in a development project and attempting to have it working with IIS 5.1 and 6.0. I have two main issues with AuthKit, in addition to the ez_setup.py problem you encountered, that I have tried to post to the AuthKit trac but it is currently not allow authorization to post comments as a guest user:

1. When run through the WSGI_ISAPI plugin to IIS as soon as a 403 Forbidden is encountered the webpage will return a message indicating a login is required, but it will not return the login screen that appears when I have the website hosted through paster (the exact same code is running on each). As this does not occur for paster and the WSGI will return the error I believe it is safe to assume that AuthKit is not performing correct mapping (although I'm sure I've seen 403 problem noted elsewhere as an issue, just not with the ISAPI).

2. I am unable to tell AuthKit to use a Mako template for the background for the login screen if I have my application set to form authentication (which I would much prefer over forward auth).

I would much prefer to keep using AuthKit but running under IIS is a major requirement at this point. Since I am unable to track down the author on this issue it is quite close to a show-stopper.